Tuesday, May 25, 2010

Deploying an EXE patch using GPO

Recently at my client site, we needed to push a Microsoft Patch that we couldn't push using our update solution. The ideal solution would be to wrap the executable up into an MSI and just push the MSI using a GPO. After trying this using a 3rd party MSI wrapper utility, we created an MSI and pushed it to all workstations, where the wrapper itself installed, but the executable failed to run. In the interest of time, we needed to engineer a solution quickly to push our patch to ensure that users would be able to continue to access certain resources within our infrastructure. I know that you can create a Setup package by using Visual Studio .NET (another tutorial here), but we didn't have the time to sit down and hammer out a solution and test it.

Instead, I suggested that we push the executable using a GPO and a simple VB script. The trick is we'd have to build into the script a way to check to make sure the executable hasn't already been installed; otherwise every computer getting the GPO will run the executable every time it boots (something we don't want). After a bit of Googling, I wrote the following VB script, which does the following:

# Pseudo Code
Check if a reg key exists
If the reg key does not exist, execute the executable installer with switches to make it a passive installer
Once the executable completes, create a registry key marking that the install has completed


' Reg key to create. Doesn't have to be this key, but since this is technically a patch, put it in Windows Update
sRegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"
sExePath = "\\path\to\executable"
sSwitches = "/passive /warnrestart:45" ' Check available flags on the executable for options here

' Shell object used for the registry calls and for launching the installer
Set oShell = CreateObject("WScript.Shell")

' Suppress the error RegRead raises when the value does not exist
On Error Resume Next

' Check for the Reg Key Marker
sRegMarkerValue = "" ' initial value
sRegMarkerValue = oShell.RegRead(sRegKey & "\WindowsXP-KBXXXXX-x86-ENU.exe")
On Error Goto 0

' To ensure the update is only installed once, test the reg key marker
If sRegMarkerValue <> "yes" Then

    ' Run the executable with switches and wait for it to finish
    oShell.Run Chr(34) & sExePath & Chr(34) & " " & sSwitches, 1, True

    ' Create the Reg Key marker
    oShell.RegWrite sRegKey & "\WindowsXP-KBXXXXX-x86-ENU.exe", "yes"
End If

After applying the GPO, we rebooted all of the workstations, and our patch was successfully applied!
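
A variant of the script above that checks the installer's exit code before writing the marker, so a failed run is retried on the next boot instead of being recorded as installed; this is an added example, not the original post's code. The path and KB name are the post's placeholders, and treating exit codes 0 and 3010 as success is an assumption to confirm against the patch's own documentation.

```vbscript
Option Explicit

' Placeholders carried over from the post: replace the UNC path and KB name.
Const MARKER_KEY  = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\"
Const MARKER_NAME = "WindowsXP-KBXXXXX-x86-ENU.exe"
Const EXE_PATH    = "\\path\to\executable"
Const SWITCHES    = "/passive /warnrestart:45"

' Event types accepted by WshShell.LogEvent
Const EVT_SUCCESS = 0
Const EVT_ERROR   = 1

Dim oShell, oFso, sMarker, iExit
Set oShell = CreateObject("WScript.Shell")
Set oFso   = CreateObject("Scripting.FileSystemObject")

' RegRead raises an error when the value is missing, so read it under
' On Error Resume Next and treat "no value" as "not installed".
sMarker = ""
On Error Resume Next
sMarker = oShell.RegRead(MARKER_KEY & MARKER_NAME)
On Error Goto 0

If sMarker <> "yes" Then
    If Not oFso.FileExists(EXE_PATH) Then
        ' Share not reachable at boot: log it and let the next startup retry.
        oShell.LogEvent EVT_ERROR, MARKER_NAME & ": installer not found at " & EXE_PATH
        WScript.Quit 1
    End If

    ' With bWaitOnReturn = True, Run returns the installer's exit code.
    iExit = oShell.Run(Chr(34) & EXE_PATH & Chr(34) & " " & SWITCHES, 1, True)

    ' Assumption: 0 = success, 3010 = success with a reboot pending.
    If iExit = 0 Or iExit = 3010 Then
        oShell.RegWrite MARKER_KEY & MARKER_NAME, "yes", "REG_SZ"
        oShell.LogEvent EVT_SUCCESS, MARKER_NAME & " installed, exit code " & iExit
    Else
        ' Leave the marker unset so the machine tries again on the next boot.
        oShell.LogEvent EVT_ERROR, MARKER_NAME & " failed, exit code " & iExit
    End If
End If
```

Computer startup scripts run as Local System, so the share holding the script and the installer should be writable only by administrators.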

Tuesday, May 18, 2010

Windows Batch Scripting and Win2k8 AD GPO Functionality

Created this script and saved it as a .bat file to loop through values stored in a comma-delimited file to reboot specific machines:

FOR /F %%A IN (filename.csv) DO (
ECHO. %%A >> result.txt %1
shutdown -m \\%%A -r -f -t 10 -c "Your workstation will reboot in 10 seconds for scheduled maintenance" >>result.txt %1
)

And some cool functionality that you can do using GPOs in AD 2008:
  • Set/Change Local User Passwords on all workstations in the domain
  • Map network drives without using vb scripts/batch files
  • Map printers without using vb scripts/batch files
  • Disable USB storage devices using REG keys
  • Disable specific hardware devices (CDROM drives, imaging devices, etc)

Wednesday, May 5, 2010

RedHat Certified Technician


I am officially a RedHat Certified Technician! Although I'm not gaining any experience in RedHat on my current project, I managed to get RedHat training approved by my firm, and took the RH133 course last week. The course was great; I learned a good deal of administration tips and tricks and it really helped fill in some crucial voids in my Linux repertoire.

I'm hoping to continue on the Red Hat path to obtain my RHCE in the next year, hopefully in October if possible. Admittedly, Gentoo still holds a special place in my heart, but in terms of usability and enterprise server-grade Linux, Red Hat has gained a lot of points in my book, particularly with its implementation of yum and system configuration tools.

The class also inspired me to take a closer look at Xen and KVM virtualization. I'm hoping to P2V my Windows 7 box at home, and instead use RHEL (or CentOS) as a hypervisor and run Windows 7 as a VM.

RH courses I'm hoping to attend (and gain certification in) in the coming months include:
  • RH253 - Red Hat Linux Network and Security Administration
  • RH318 - Red Hat Virtualization Administration